<%@ page language="java"
	import="java.sql.PreparedStatement,java.sql.ResultSet"
	pageEncoding="UTF-8"%>
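<!doctype html>
<html lang="zh-CN">
<head>
<%-- The charset matches the pageEncoding declared in the page directive. --%>
<meta charset="utf-8">
<title>管理员登录</title>
<style>
/* Fixed-size, horizontally centered box that holds the admin login form. */
.main {
	width: 798px;
	height: 300px;
	border: 1px solid red;
	margin: 0 auto;
}

/* Offsets the form inside .main and spaces out its controls. */
form {
	margin-top: 100px;
	margin-left: 240px;
	line-height: 35px;
}
</style>
</head>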
<body>
	<%@ include file="header.jsp"%>
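	<%-- Admin login form: posts the "pwd" field back to this same page, where the
	     scriptlet further down checks it. The field is intentionally left empty:
	     a pre-filled value is readable in the page source by every visitor and
	     would hand out a candidate password. --%>
	<div class="main">
		<form method="post">
			<label for="pwd">请输入管理员密码：</label><input type="password" id="pwd"
				name="pwd" autocomplete="current-password"> <input
				type="submit" value="提交">
		</form>
	</div>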
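	<%@ include file="conn.jsp"%>
	<%-- conn.jsp supplies the JDBC connection object "conn" used below. This is a
	     JSP comment, so it is not sent to the browser. --%>
	<%
		// Handles the login POST: checks the submitted admin password against the
		// admin table and, on a match, marks the session as authenticated.
		String pw = request.getParameter("pwd");
		if (null != pw) {  // null means the form was not submitted; an empty submit yields ""
			if (pw.trim().length() > 0) {  // only query the database when "pwd" is non-blank
				// Parameterized query: the password is bound, never concatenated.
				// NOTE(review): the comparison is md5(password) with no salt visible in
				// this query. MD5 is too fast for password storage; moving to a salted,
				// slow KDF (bcrypt, scrypt, Argon2, PBKDF2) needs a schema change
				// outside this page.
				// NOTE(review): the lookup is by password alone, so any admin row with a
				// matching hash authenticates, and no attempt throttling or lockout is
				// visible here.
				String sql = "select * from admin where  pwd=md5(?)";
				PreparedStatement pst = conn.prepareStatement(sql);
				try {
					pst.setString(1, pw);  // bind parameter 1 (the untrimmed value, as submitted)
					ResultSet rs = pst.executeQuery();
					try {
						if (rs.next()) {  // a row matched: password accepted
							// Stores column 1 of the matched row under "admin"; which column
							// that is depends on the table definition because of select *.
							// NOTE(review): the session id is not rotated at login. If the
							// container supports Servlet 3.1+, request.changeSessionId()
							// belongs here to prevent session fixation.
							session.setAttribute("admin", rs.getString(1));
							// NOTE(review): header and form markup are written before this
							// point, so the redirect relies on the response buffer not having
							// been flushed yet; sendRedirect() throws IllegalStateException on
							// a committed response.
							response.sendRedirect("admin/adminIndex.jsp");
						} else {
							out.print("<script>alert('密码错误!');location.href='index.jsp'</script>");
						}
					} finally {
						rs.close();  // release the cursor even if the redirect or print throws
					}
				} finally {
					pst.close();  // the original never closed the statement
				}
				// NOTE(review): "conn" is not closed here; presumably conn.jsp or
				// footer.jsp owns its lifetime. Confirm.
			} else {
				out.print("<script>alert('密码不能空!')</script>");
				// The form stays on screen, so the user can try again.
			}
		}
	%>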
	<%@ include file="footer.jsp"%>
</body>
</html>